
Cybersecurity has never been more strategic for manufacturers. With the proliferation of cyber-attacks and the explosion of connected objects, the question is no longer if an attack will occur, but when.
This is the backdrop to the Cybersecurity Act (EU 2019/881), adopted on June 7, 2019. This European regulation aims to strengthen confidence in digital products and services by establishing a common cybersecurity certification framework. In concrete terms, it gives ENISA (the European Cybersecurity Agency) a central role and sets up certification schemes to guarantee users that the solutions they adopt meet recognized levels of security.
At Factory Software, we are convinced that this approach is essential. Our customers trust us to provide them with cutting-edge industrial solutions, designed to be cyber-resilient, ensure business continuity and support sustainable growth. With the AVEVA software we distribute, we take a clear stance: compliance with international regulations is a natural consequence of our commitment to cybersecurity. Every nation has the right, and the duty, to protect its critical infrastructures and citizens against cyber-attacks. That's why we welcome these regulations with transparency, and fully align ourselves with their requirements.
What is the Cybersecurity Act?
Adopted in June 2019, the Cybersecurity Act (EU 2019/881) is a European regulation that aims to strengthen digital trust in Europe. It gives ENISA (the European Cybersecurity Agency) a permanent and more powerful role, and sets up European cybersecurity certification schemes for ICT products, services and processes. The aim is simple: to ensure that digital solutions used in Europe meet recognized and harmonized security standards.
For the industrial sector, this regulation is particularly strategic. Factories and critical infrastructures now rely on connected software, networks and equipment, making them vulnerable to cyber-attacks. By creating a common framework, the Cybersecurity Act raises the level of security throughout the value chain: from manufacturers to integrators, right through to end-users.
And this approach echoes our vision. Our industrial software, whether for supervision, MES or data management, is developed to meet the most stringent cybersecurity requirements. This means that our customers can deploy their digital solutions with confidence, while being aligned with European regulations.
Cyber Resilience Act: a new European regulatory framework that is now a must
Today, cybersecurity is one of the European Union's major challenges, given the proliferation of connected objects and the growing impact of cyberattacks on the internal market and critical infrastructures. In response, the EU has adopted an ambitious approach: to create a uniform legal framework laying down essential cybersecurity requirements for products incorporating digital elements.
This includes both hardware equipment and software linked directly or indirectly to another device or network. The Cyber Resilience Act (CRA) thus imposes precise obligations on manufacturers and distributors, covering the entire lifecycle of digital products. Although it applies to Europe, this regulation will have a worldwide impact, as the software and hardware industry operates in a globalized ecosystem.
The two main issues identified by the Cyber Resilience Act
The CRA addresses two critical weaknesses:
- The low level of cybersecurity of digital products.
- The lack of information available to users to make informed choices.
Key principles of the Cyber Resilience Act
To reinforce confidence and security, the regulations introduce several structuring obligations:
- Security by design: manufacturers must integrate cybersecurity right from the development stage, delivering products that are configured to be secure by default.
- Ongoing responsibility: manufacturers remain responsible for product security throughout the product lifecycle.
- Conformity assessment: software publishers will have to carry out a self-assessment or use a third party to demonstrate compliance.
- Transparency for users: manufacturers must clearly communicate security features and best practices to end-users.
- CE marking: compliant products will be able to bear the CE mark, a guarantee of CRA compliance and reliability for the European market.
Timetable already set
The Cyber Resilience Act will be implemented gradually:
- September 11, 2026: reporting obligations come into force.
- December 11, 2027: full application of the regulations for all products concerned.
AVEVA's proactive approach to the Cyber Resilience Act
With over 50 years' experience in the development and support of industrial software, AVEVA recognizes the importance of demanding cybersecurity and high operational standards. Its expertise in the Security Development Lifecycle puts it in an ideal position to move towards the provision of CE-marked products.
Although the regulations are still evolving, and full implementation is expected in two years' time, AVEVA has already launched internal assessments to anticipate the implications for its entire software portfolio.
On the date of applicability, the CRA will mainly concern on-premise and hybrid offerings, but the compliance strategy is already based on four pillars:
- Security culture: raising awareness among internal teams and global partners of the impact of these regulations on practices and the value chain.
- Lifecycle Policy: the 2024 product policy update integrates CRA requirements to offer customers transparency and flexibility in support models.
- Security Development Lifecycle: integrate essential requirements at every stage of development, from team training to the management of updates and incident response.
- Certificate of Conformity: provide comprehensive documentation, an online trust center, contractual and commercial governance, and CE marking for compliant products.
What's the impact for manufacturers?
For machine manufacturers, the Cyber Resilience Act represents a major evolution: integrating cybersecurity into equipment design becomes an imperative, in the same way as physical security or regulatory compliance.
For industrial software publishers like AVEVA, the challenge is to support customers in implementing robust solutions capable of protecting both production data and business continuity.
As an official distributor of AVEVA software, Factory Software plays a key role in informing, supporting and advising manufacturers so that they can anticipate the impact of the CRA, bring their digital environments into compliance and secure their investments over the long term.
Finally, for IT/OT managers, the CRA offers a clearer framework and an additional guarantee: CE-marked products will offer proven security, facilitating their integration into critical environments.
In short, these regulations will not only boost user confidence, but also accelerate the cyber maturity of industrial value chains.
The Cyber Resilience Act is not simply a regulatory constraint: it is a strategic opportunity to strengthen cybersecurity at the heart of industrial systems. By anticipating its implications today, AVEVA and Factory Software are enabling manufacturers to tackle this transition with complete peace of mind, and prepare for a safer, more reliable and more resilient digital future.